REMARKS

In this Response, Applicants amend the drawing for Fig. 2, amend the abstract for length, 
cancel claim 71, amend claims 67, 70, 74, and 77, and remove the bases for the Examiner's 
rejections. Applicants amend the claims solely to expedite prosecution and do not acquiesce to 
any of the Examiner's rejections. Applicants' amendments to the claims are supported 
throughout the application and at least by p. 6, ll. 15-24 and p. 12, ll. 22-27 of the specification.
Applicants' silence with regard to the Examiner's rejections of dependent claims constitutes a 
recognition by the Applicants that the rejections are moot based on the Applicants' Amendment 
and/or Remarks relative to the independent claim from which the dependent claims depend. 
Applicants reserve the option to further prosecute the same or similar claims in the present or a 
subsequent application. Upon entry of the Amendment, claims 67-70 and 72-79 are pending in 
the present application. 

Abstract and Drawings 

The Examiner objected to the length of the Abstract. In reply, Applicants amend the 
Abstract for length. 

The Examiner suggested that the drawings for Figs. 2 and 3 should be labeled with the 
legend "Prior Art." In reply, Applicants submit the accompanying Letter to Official Draftsman, 
in which a "Prior Art" legend has been added to Fig. 2. Applicants do not so label Fig. 3, 
because its subject is not prior art. 

Claim Rejections 
35 U.S.C. § 112, ¶ 2

The Examiner rejected claims 67-79 under 35 U.S.C. § 112, ¶ 2 as being indefinite for
using the term "recency threshold." 

In reply, Applicants amend independent claims 67, 70, 74, and 77 to replace the term 
"recency threshold" with the term "age threshold" and the accompanying clause "in which the 
age threshold represents the oldest allowable age of a membership certificate that can be 
associated with a request for the resource, such that the resource can be provided in reply to the 
request only if the membership certificate has an age that is not older than the oldest allowable 
age." 
This amendment removes the basis for the Examiner's rejections of claims 67-79 under
35 U.S.C. § 112, ¶ 2.

35 U.S.C. §§ 102(b), 103(a) 

The Examiner rejected claims 67-76 under 35 U.S.C. § 102(b) and claims 77-79 under 35 
U.S.C. § 103(a) as being unpatentable over Gasser. 

Claims 67-69 

Applicants' independent claim 67 deals with a resource server that controls access to 
resources and a client who seeks at least one of the resources. The resource server associates 
each resource with a respective age threshold on the basis of a level of security that is desired for 
the resource. The age threshold represents the oldest allowable age of a membership certificate 
that can be associated with a request from the client for the resource. In other words, the 
resource server can provide the resource to the client only if the membership certificate that is 
associated with the client's request has an age that is not older than the oldest allowable age. 

In contrast to Applicants' independent claim 67, Gasser does not associate a resource 
with an age threshold on the basis of a level of security that is desired for the resource. Rather, 
Gasser describes only conventional approaches for providing system resources to requesting 
principals. In Gasser, when a principal seeks access to a system resource, the system determines 
whether the principal is a member of a group having authorized access. The system makes this 
determination by requesting the group certificate of the group from a Group Naming Service 
(GNS); each group certificate therein includes the name of a group, the identities of principals 
associated with the group, and a time period of validity that is set so as "[t]o reduce [the] risk" 
that an "entity may retain a certificate that has been revoked." (Gasser col. 9, ll. 45-68.) The
system provides the resource to the principal on the basis of (i) determining that the principal's 
identity is included in the group certificate of the group and (ii) verifying that the time period of 
validity of the group certificate is not expired. (Gasser col. 8, ll. 3-52.) Gasser's system does not
separately impose an age criterion associated with the resource being requested; so long as the 
principal's certificate has not expired, the system grants the principal's request, independently of 
what the requested resource is. In summary, Gasser's system is constrained to accept the age 
criterion of the GNS. 
Generally, the likelihood that a principal's membership in a group has been revoked is
proportional to the time that has elapsed since that group membership certificate for the group 
was issued (i.e., the more time that has elapsed, the more likely it is that the principal's 
membership in the group has been revoked). Gasser does not consider this elapsed time in 
determining whether to provide a principal with access to a system resource. Gasser can, 
therefore, be compromised by a hostile entity, i.e., an entity whose membership in the group has 
been revoked after issuance of the group certificate, but prior to the expiration of the time period 
of validity. As long as the time period of validity is unexpired, Gasser's system will continue to
consider the hostile entity to be a valid member of the group and will continue to provide system 
resources to the hostile entity upon request, even though the hostile entity's membership in the 
group has been revoked and system resources should not, therefore, be provided to it. 

The method that Applicants' independent claim 67 defines remedies the above problem. 
In that method, a resource server associates a resource with an age threshold that indicates the 
oldest allowable age of a membership certificate that can be associated with a request for a 
resource. In contrast to Gasser, the resource server in Applicants' method can set its own age 
criteria for its resources, independently of any age criterion that is set by a certificate authority, 
such as Gasser's GNS. Since the resource server will provide a resource to a requesting client
only if the age of the client's membership certificate is not older than the age threshold, and since 
the likelihood that the client's membership has been revoked is proportional to the time that has 
elapsed since the membership certificate was issued, the resource server can, by choosing an 
appropriate value of the age threshold for the resource (e.g., one day, one hour, etc.), reduce the 
risk that it will provide the resource to a hostile client (i.e., a client whose membership has been 
revoked after the issuance of the membership certificate). 
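
The contrast drawn above between a validity-period-only check and a per-resource age threshold can be sketched as follows. This is an added illustration, not code from the application or from Gasser; the policy table, the resource and principal names, and the choice to keep the issuer's validity check alongside the age check are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class MembershipCertificate:
    group: str
    members: frozenset
    issued_at: datetime
    expires_at: datetime  # validity period set by the issuer (e.g. a GNS)

# Hypothetical policy: resource -> (authorized group, age threshold).
# The resource server picks a tighter threshold for more sensitive resources.
POLICY = {
    "cafeteria-menu": ("staff", timedelta(days=1)),
    "payroll-db": ("staff", timedelta(hours=1)),
}

def validity_only_check(cert, principal, resource, now):
    """Membership plus issuer validity period; certificate age is ignored."""
    entry = POLICY.get(resource)
    return (entry is not None and cert.group == entry[0]
            and principal in cert.members
            and cert.issued_at <= now < cert.expires_at)

def age_threshold_check(cert, principal, resource, now):
    """Additionally require certificate age <= the resource's own threshold."""
    if not validity_only_check(cert, principal, resource, now):
        return False  # unknown resource, wrong group, not a member, or expired
    age = now - cert.issued_at
    return age <= POLICY[resource][1]  # not older than the oldest allowable age

def demo():
    # Constructed scenario: certificate valid for 7 days, membership revoked
    # 2 hours after issuance, request arrives 3 hours after issuance.
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    cert = MembershipCertificate("staff", frozenset({"alice"}), t0,
                                 t0 + timedelta(days=7))
    now = t0 + timedelta(hours=3)
    return {
        "validity_only/payroll-db": validity_only_check(cert, "alice", "payroll-db", now),
        "age_threshold/payroll-db": age_threshold_check(cert, "alice", "payroll-db", now),
        "age_threshold/cafeteria-menu": age_threshold_check(cert, "alice", "cafeteria-menu", now),
    }

if __name__ == "__main__":
    for check, granted in demo().items():
        print(f"{check}: {'granted' if granted else 'denied'}")
```
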

Gasser does not, therefore, teach or suggest the feature of Applicants' independent claim 
67 directed to associating a resource with an age threshold on the basis of a level of security 
desired for the resource. Since Gasser does not so associate a resource with an age threshold, 
Gasser does not compare the age of a client's membership certificate with the age threshold or 
provide the resource to the client only if the age of the client's membership certificate is not 
older than the age threshold. 

Independent claim 67 is therefore allowable. Since claims 68 and 69 depend from 
independent claim 67, claims 68 and 69 are also allowable. 
Claims 70 and 72-79

Applicants' independent claims 70, 74, and 77 are system, processor-program, and
processor-data-signal companion claims to independent method claim 67 and are allowable for 
the reasons provided with respect to independent claim 67. Since claims 72, 73, 75, 76, 78, and 
79 depend from independent claims 70, 74, and 77, claims 72, 73, 75, 76, and 78 are also 
allowable. 



CONCLUSION 

Consequently, this application is in condition for allowance, which Applicants therefore 
request. 
Respectfully submitted,
FOLEY HOAG LLP 




Attorney for the Applicants 



